|
|
Application Data Extraction from Network Protocols
Januš, Filip ; Jeřábek, Kamil (referee) ; Holkovič, Martin (advisor)
This thesis is focused on design and implementation of tool for data extraction from captured network communication. The theoretical part deal with particular network protocols, its behavior, defines keywords and apprises with used tools. Second part is focused on design and implementation of extraction tool, design of declaration language for description of protocols. In the extractor are included third-party tools for analysis particular packets and reconstruction network flows. These tools together with designed declarative language are used due to requirement on easy extendability of designed tool. The end of this thesis is dedicated functional and performance testing of implemented tool.
|
|
|
Recursive IPC Network Architecture: Analyze and Model of Enrollment
Jeřábek, Kamil ; Marek, Marcel (referee) ; Halfar, Patrik (advisor)
This thesis is focused on analysis of the Enrollment and integration of this phase to model of Recursive InterNetwork Architecture (RINA) that is developed in the OMNeT++ simulation environment. In this thesis is the RINA architecture described generally. Furthermore, there are listed cases of the Enrollment and the Common Application Connection Establishement Phase, and it is described when starts and ends. The thesis is especially focused on design and implemntation of these phases of communication in the OMNeT++ simulation environment within Pristine project.
|
|
|
Security Analysis of Home IoT Network
Čikel, Tomáš ; Jeřábek, Kamil (referee) ; Pluskal, Jan (advisor)
This work focuses on the issue of the security in home IoT network. Specifically, it focuses on the security issues of commercial IoT devices and their automation systems. In the work itself, it was firstly analyzed and identified specific threats specific for our network. To address these threats, the original automation systems and firmware on the devices were replaced by open-source implementations that were configured to address discovered threats. Although, there are still several security issues in a network with an open-source implementation, a large part of the security issues which were discovered has been eliminated. The results of this work allows to configure a home IoT network using an opens-source automation system and firmware and proves that such a network is more secure than the network where the original factory-supplied automation systems and firmware on devices are used.
|
|
|
Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities
Šuhaj, Peter ; Jeřábek, Kamil (referee) ; Holkovič, Martin (advisor)
Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.
|
|
|
Room Occupancy Detection with IoT Sensors
Kolarčík, Tomáš ; Jeřábek, Kamil (referee) ; Pluskal, Jan (advisor)
The aim of this work was to create a module for home automation tools Home Assistant. The module is able to determine which room is inhabited and estimate more accurate position of people inside the room. Known GPS location cannot be used for this purpose because it is inaccurate inside buildings and therefore one of the indoor location techniques needs to be used. Solution based on Bluetooth Low Energy wireless technology was chosen. The localization technique is the fingerprinting method, which is based on estimating the position according to the signal strength at any point in space, which are compared with a database of these points using machine learning. The system can be supplemented with motion sensors that ensure a quick response when entering the room. This system can be deployed within a house, apartment or small to medium-sized company to determine the position of people in the building and can serve as a very powerful element of home automation.
|
|
|
Security System for Web Application Attacks Elimination
Vašek, Dominik ; Zobal, Lukáš (referee) ; Jeřábek, Kamil (advisor)
Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in this attack, it can lead to inaccessibility of services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in realtime using statistical approach. This system is divided into several modules that together cooperate on the detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks that often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.
|
|
|
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis engages the problem of correlation the network flow records. It tries to find solution, which would allow to automatically pinpoint correlating flows on both sides of the proxy server. For this purpose, a dataset containing captured network traffic is created, which then serves as a base for analysis. Based on the results of the analysis a solution is presented, which is consequently tested and discussed.
|
|
|
Log Analysis Using TeskaLab Platform
Kocinec, Patrik ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This work describes the usage of machine learning methods for processing logging information on LogMan.io system. The work includes a description of methods of processing logging information for the purposes of security monitoring, as well as machine learning methods and principles of data processing. Subsequently, the work focuses on the introduction of the LogMan.io system and its components. Then, an application for processing logging information is designed and implemented on LogMan.io system, which uses machine learning methods to detect malign domains. When implementing the application for model training, several methods were used focusing on the accuracy of detection.
|
|
|
BitTorrent Seedbox Detection
Grnáč, Martin ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
Bachelor's thesis is focused on issues with monitoring and detection of seedboxes in BitTorrent network with help of netflow technology. In the theoretical part of this thesis is introduced and described P2P architecture, basics and key terms of BitTorrent architecture and theoretical definition of seedbox. There are also described specific methods which can be used for detection of network communication and next there is described process of seedbox analysis in network and process of finding its characteristics. On base of this knowledge and observations is designed a set of tools,which help with detection of seedboxes. In the practical part of this work is presented implementation of these tools and results of testing these tools.
|
|
| |
guest ::
